
List:       fedora-selinux-list
Subject:    Re: [PATCH 2/2] LiveCD - add test for /sbin/lokkit if it is needed
From:       Stephen Smalley <sds () tycho ! nsa ! gov>
Date:       2008-06-09 14:14:23
Message-ID: 1213020863.9375.38.camel () moss-spartans ! epoch ! ncsc ! mil


On Fri, 2008-06-06 at 16:11 -0400, eparis@redhat.com wrote:
> From: Eric Paris <eparis@redhat.com>
> 
> This patch adds a new function ayum.installHasFile() which tells if the install
> image is going to contain a given file.  We then use this new function to make
> sure lokkit is going to be present so that we will be able to disable selinux
> inside the image if the kickstart was configured that way.  If we cannot
> accommodate the kickstart setting we error the build.

Do you really need lokkit or can you just manually
rewrite /etc/selinux/config (i.e. just sed -e
"s/SELINUX=enforcing/SELINUX=disabled/")?

> 
> Signed-off-by: Eric Paris <eparis@redhat.com>
> ---
> imgcreate/creator.py |   12 +++++++++++-
> imgcreate/yuminst.py |   10 ++++++++++
> 2 files changed, 21 insertions(+), 1 deletions(-)
> 
> diff --git a/imgcreate/creator.py b/imgcreate/creator.py
> index f65f7d4..c9ed60c 100644
> --- a/imgcreate/creator.py
> +++ b/imgcreate/creator.py
> @@ -594,7 +594,14 @@ class ImageCreator(object):
> for pkg in kickstart.get_excluded(self.ks,
> self._get_excluded_packages()):
> ayum.deselectPackage(pkg)
> -        
> +
> +    # if the system is running selinux and the kickstart wants it disabled
> +    # we need /usr/sbin/lokkit
> +    def __can_handle_selinux(self, ayum):
> +        file = "/usr/sbin/lokkit"
> +        if not kickstart.selinux_enabled(self.ks) and \
> os.path.exists("/selinux/enforce") and not ayum.installHasFile(file): +            \
> raise CreatorError("Unable to disable SELinux because the installed package set did \
> not include the file %s" % (file)) +
> def install(self, repo_urls = {}):
> """Install packages into the install root.
> 
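Review bot: The path assigned in __can_handle_selinux is "/usr/sbin/lokkit", while the subject line of this patch names /sbin/lokkit; the value passed to installHasFile should be the path the package actually ships, since a lookup on the other path could fail the build even when lokkit is in the package set. The method name also reads like a predicate although it returns nothing and raises CreatorError; either return a bool and raise at the call site or rename it to say that it checks and raises. The local variable file shadows the Python builtin, so a name such as lokkit_path would be clearer.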
> @@ -630,6 +637,9 @@ class ImageCreator(object):
> self.__select_packages(ayum)
> self.__select_groups(ayum)
> self.__deselect_packages(ayum)
> +
> +            self.__can_handle_selinux(ayum)
> +
> ayum.runInstall()
> except yum.Errors.RepoError, e:
> raise CreatorError("Unable to download from repo : %s" % (e,))
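Review bot: The new call to self.__can_handle_selinux(ayum) runs before ayum.runInstall(), and installHasFile only inspects self.tsInfo.getMembers(); if dependencies are first resolved inside runInstall, a lokkit package that would be pulled in only as a dependency is not yet a transaction member at this point and the build errors out needlessly. Please confirm the transaction is fully resolved here, or move the check to after resolution and before the install itself.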
> diff --git a/imgcreate/yuminst.py b/imgcreate/yuminst.py
> index aebb822..dd5b189 100644
> --- a/imgcreate/yuminst.py
> +++ b/imgcreate/yuminst.py
> @@ -139,6 +139,16 @@ class LiveCDYum(yum.YumBase):
> repo.setCallback(TextProgress())
> self.repos.add(repo)
> return repo
> +
> +    def installHasFile(self, file):
> +        provides_pkg = self.whatProvides(file, None, None)
> +        dlpkgs = map(lambda x: x.po, filter(lambda txmbr: txmbr.ts_state in ("i", \
> "u"), self.tsInfo.getMembers())) +        for p in dlpkgs:
> +            for q in provides_pkg:
> +                if (p == q):
> +                    return True
> +        return False
> +
> 
> def runInstall(self):
> os.environ["HOME"] = "/"
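Review bot: installHasFile needs a docstring stating that it returns True only when a package providing the file is a transaction member in state "i" or "u", because that restriction is not obvious from the name. The map/filter/lambda chain followed by the nested for loops can be reduced to a single membership test: collect txmbr.po for the matching members and return whether any of them is in provides_pkg. The parameter name file shadows the builtin, and the hunk leaves two blank lines before runInstall where the rest of the class uses one.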
-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

